Security & compliance
Complaints will be responded to and escalated depending on the severity and criticality of the claim.
Complaints may be submitted anonymously using this form; if you prefer to be identified to IllumiCare Compliance or require additional follow-up or status updates, please provide contact information at the time of submission. All complaints, regardless of reporter status (named or anonymous), are held in the strictest confidence, disclosed on a least necessary basis, and shall be free of any retaliatory or punitive actions by or on behalf of IllumiCare or its affiliates.
Alternatively, reports may be submitted by contacting our corporate office at 205.578.1738 and asking to speak to our Compliance Officer.
Other uses of this form include, but are not limited to, requests for various certification documentation, questions related to internal policies at IllumiCare, reporting by external parties related to suspected or known security threats, questions or concerns related to data use practices, or other inquiries related to business or legal obligations related to IllumiCare.
For those interested in doing business with IllumiCare or seeking employment opportunities, please direct inquiries via the form on our Contact Page.
ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.
The IllumiCare Information Security Management System is modeled after ISO 27001:2013 to ensure ongoing compliance with HIPAA as well as other relevant legal, regulatory, and other requirements. The overall Information Security Management Program and all supporting policies reflect these controls, practices, and approach. IllumiCare dedicates appropriate resources to the oversight of this program, and updates are made as necessary and appropriate to ensure industry best practices and are reviewed and approved by senior leadership at least annually.
IllumiCare is committed to ensuring customers (existing and prospective) and other relevant interested third parties are confident in the security practices of IllumiCare and has achieved ISO 27001 certification accordingly. IllumiCare undergoes both internal and external penetration testing at least annually, or upon any qualifying change to the IllumiCare environment, as well as the required internal audit activities (as performed by a contracted, neutral third party), in addition to the certification audit, including impartial reviews of the operational and security practices of IllumiCare against industry-established best practices and standards.
To request a copy of the latest IllumiCare ISO 27001:2013 certificate and any necessary supporting documents, please submit a “Document Request” using the form on this page. A member of the Security and Compliance team will respond accordingly.
Certificate dated: December 22, 2021
AICPA | SOC
The American Institute of Certified Public Accountants (AICPA) System and Organizational Controls (SOC) for Service Organizations reports are designed to help service organizations that provide services to other entities, build trust and confidence in the service performed and controls related to the services through a report by an independent CPA firm.
IllumiCare SOC Reports are based on contracted independent third-party assessor examinations and include the opinion and attestation as to the validity of and adherence to control criteria. The resulting reports demonstrate how IllumiCare achieves key compliance controls and objectives. The purpose of these reports is to help customers and auditors understand the IllumiCare controls established to support operations and compliance. IllumiCare has obtained both a SOC2 Type II report and a SOC3 report over the entire scope of the Organization; distribution of SOC2 reports is limited by their approved use cases and interested party definitions, and requires execution of an NDA, as well as approval by an executive agent representative of IllumiCare. The SOC3 report pertains to the same subject matter but is available for broader distribution.
The IllumiCare Information Security Management System has been assessed and measured against all five of the 2017 Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, and Privacy) and found to conform to the framework to measure ongoing compliance with HIPAA Privacy and Security rules, as well as other relevant legal, regulatory, and other requirements considered within the AICPA’s SOC framework. The broader security and compliance program and all supporting policies reflect these controls, practices, approach, and commitment to secure business practices. IllumiCare dedicates appropriate resources to the oversight of this program, and updates are made as necessary and appropriate to ensure industry best practices and are reviewed and approved by senior leadership at least annually.
IllumiCare is committed to ensuring customers (existing and prospective) and other relevant interested third parties are confident in the security practices of IllumiCare and has achieved conformity with the AICPA’s Trust Services Criteria, accordingly. To request a copy of the latest IllumiCare SOC attestation report(s), please submit a “Document Request” using the form on this page. A member of the Security and Compliance team will respond to the request.
SOC3 Report dated: August 26, 2022
SOC2 Type II Attestation Report dated: August 26, 2022